113 matches found
CVE-2026-35648
OpenClaw before 2026.3.22 contains a policy bypass vulnerability where queued node actions are not revalidated against current command policy when delivered. Attackers can exploit stale allowlists or declarations that survive policy tightening to execute unauthorized commands...
OpenClaw 安全漏洞
OpenClaw is an open-source intelligent artificial assistant developed by OpenClaw. Versions of OpenClaw prior to 2026.3.22 contained security vulnerabilities. These vulnerabilities stemmed from nodes that performed operations without revalidating according to the current command policy during...
Important: kernel6.12
Issue Overview: In the Linux kernel, the following vulnerability has been resolved: fs/xattr: missing fdput in fremovexattr error path CVE-2024-14027 In the Linux kernel, the following vulnerability has been resolved: audit: add fchmodat2 to change attributes class CVE-2025-71239 In the Linux...
Medium: kernel6.18
Issue Overview: In the Linux kernel, the following vulnerability has been resolved: audit: add fchmodat2 to change attributes class CVE-2025-71239 In the Linux kernel, the following vulnerability has been resolved: fs: ntfs3: fix infinite loop in attrloadrunsrange on inconsistent metadata...
Incorrect Authorization
Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Incorrect Authorization due to the lack of revalidation of queued node actions against the current policy at the time of delivery. An attacker can execute previously allowed actions that...
GHSA-WJ55-88GF-X564 OpenClaw may have stale policy enforcement for queued node actions
Summary Queued node actions were not revalidated against current command policy when later delivered, so stale allowlists or declarations could survive policy tightening. Affected Packages / Versions - Package: openclaw npm - Affected: = 2026.3.22 - Latest released tag checked: v2026.3.23-2...
OpenClaw may have stale policy enforcement for queued node actions
Summary Queued node actions were not revalidated against current command policy when later delivered, so stale allowlists or declarations could survive policy tightening. Affected Packages / Versions - Package: openclaw npm - Affected: = 2026.3.22 - Latest released tag checked: v2026.3.23-2...
SUSE CVE-2026-23249
In the Linux kernel, the following vulnerability has been resolved: xfs: check for deleted cursors when revalidating two btrees The free space and inode btree repair functions will rebuild both btrees at the same time, after which it needs to evaluate both btrees to confirm that the corruptions a...
EUVD-2026-12852
In the Linux kernel, the following vulnerability has been resolved: xfs: check for deleted cursors when revalidating two btrees The free space and inode btree repair functions will rebuild both btrees at the same time, after which it needs to evaluate both btrees to confirm that the corruptions a...
CVE-2026-23249
In the Linux kernel, the following vulnerability has been resolved: xfs: check for deleted cursors when revalidating two btrees The free space and inode btree repair functions will rebuild both btrees at the same time, after which it needs to evaluate both btrees to confirm that the corruptions a...
UBUNTU-CVE-2026-23249
In the Linux kernel, the following vulnerability has been resolved: xfs: check for deleted cursors when revalidating two btrees The free space and inode btree repair functions will rebuild both btrees at the same time, after which it needs to evaluate both btrees to confirm that the corruptions a...
CVE-2026-23249
In the Linux kernel, the following vulnerability has been resolved: xfs: check for deleted cursors when revalidating two btrees The free space and inode btree repair functions will rebuild both btrees at the same time, after which it needs to evaluate both btrees to confirm that the corruptions a...
CVE-2026-23249 xfs: check for deleted cursors when revalidating two btrees
In the Linux kernel, the following vulnerability has been resolved: xfs: check for deleted cursors when revalidating two btrees The free space and inode btree repair functions will rebuild both btrees at the same time, after which it needs to evaluate both btrees to confirm that the corruptions a...
CVE-2026-23249 xfs: check for deleted cursors when revalidating two btrees
In the Linux kernel, the following vulnerability has been resolved: xfs: check for deleted cursors when revalidating two btrees The free space and inode btree repair functions will rebuild both btrees at the same time, after which it needs to evaluate both btrees to confirm that the corruptions a...
Linux Distros Unpatched Vulnerability : CVE-2026-23249
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - xfs: check for deleted cursors when revalidating two btrees The free space and inode btree repair functions will rebuild both btrees at the same time, after whi...
AVideo vulnerable to unauthenticated SSRF via HTTP redirect bypass in LiveLinks proxy
Summary The plugin/LiveLinks/proxy.php endpoint validates user-supplied URLs against internal/private networks using isSSRFSafeURL, but only checks the initial URL. When the initial URL responds with an HTTP redirect Location header, the redirect target is fetched via fakeBrowser without...
PT-2026-25997
Summary The plugin/LiveLinks/proxy.php endpoint validates user-supplied URLs against internal/private networks using isSSRFSafeURL, but only checks the initial URL. When the initial URL responds with an HTTP redirect Location header, the redirect target is fetched via fakeBrowser without...
CVE-2026-20883
Gitea's stopwatch API does not re-validate repository access permissions. After a user's access to a private repository is revoked, they may still view issue titles and repository names through previously started stopwatches. Mitigation Mitigation for this issue is either not available or the...
CVE-2025-71160
In the Linux kernel, the following vulnerability has been resolved: netfilter: nftables: avoid chain re-validation if possible Hamza Mahfooz reports cpu soft lock-ups in nftchainvalidate: watchdog: BUG: soft lockup - CPU1 stuck for 27s! iptables-nft-re:37547 .. RIP: 0010:nftchainvalidate+0xcb/0x1...
CVE-2025-71160
In the Linux kernel, the following vulnerability has been resolved: netfilter: nftables: avoid chain re-validation if possible Hamza Mahfooz reports cpu soft lock-ups in nftchainvalidate: watchdog: BUG: soft lockup - CPU1 stuck for 27s! iptables-nft-re:37547 .. RIP: 0010:nftchainvalidate+0xcb/0x1...